Lock down session commands

Bernd Schoolmann 2024-02-09 19:46:29 +01:00
parent 69797aa50b
commit dc05cdfee6
No known key found for this signature in database
1 changed files with 9 additions and 0 deletions


@ -66,6 +66,10 @@ func serveAgentSession(c net.Conn, vault *vault.Vault, cfg *config.Config) {
// todo refactor to other file // todo refactor to other file
if msg.Type == messages.MessageTypeForEmptyPayload(messages.SessionAuthRequest{}) { if msg.Type == messages.MessageTypeForEmptyPayload(messages.SessionAuthRequest{}) {
if cfg.ConfigFile.RuntimeConfig.DaemonAuthToken == "" {
return
}
req := messages.ParsePayload(msg).(messages.SessionAuthRequest) req := messages.ParsePayload(msg).(messages.SessionAuthRequest)
verified := subtle.ConstantTimeCompare([]byte(cfg.ConfigFile.RuntimeConfig.DaemonAuthToken), []byte(req.Token)) == 1 verified := subtle.ConstantTimeCompare([]byte(cfg.ConfigFile.RuntimeConfig.DaemonAuthToken), []byte(req.Token)) == 1
@ -98,6 +102,11 @@ func serveAgentSession(c net.Conn, vault *vault.Vault, cfg *config.Config) {
// todo refactor to other file // todo refactor to other file
if msg.Type == messages.MessageTypeForEmptyPayload(messages.PinentryRegistrationRequest{}) { if msg.Type == messages.MessageTypeForEmptyPayload(messages.PinentryRegistrationRequest{}) {
// todo lockdown this method better
if cfg.ConfigFile.RuntimeConfig.DaemonAuthToken == "" {
return
}
log.Info("Received pinentry registration request") log.Info("Received pinentry registration request")
getPasswordChan := make(chan struct { getPasswordChan := make(chan struct {
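Review bot: In the PinentryRegistrationRequest branch the added guard only checks that the daemon has a `DaemonAuthToken` configured; nothing visible in the hunk checks that the connecting client actually presented it, so with a token set any process that can reach the socket can apparently still register for pinentry (the added `// todo lockdown this method better` comment acknowledges this). Consider requiring the same proof the SessionAuthRequest branch verifies with `subtle.ConstantTimeCompare` before the registration proceeds. Both new guards also `return` silently; a log line before each return, for example `log.Info("Rejected pinentry registration: no daemon auth token configured")`, would make rejected requests visible to operators. serveAgentSession starts and ends outside these hunks, so whether an earlier per-connection check or a deferred close exists cannot be confirmed from here.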